Why Cybersecurity Teams Need Ruthless Prioritization And How To Achieve It

Forbes Technology Council

As co-founder & CEO of uno.ai, Shashank leads a team of world-class engineers building an expert security analyst—not a tool for one!

The only way cybersecurity teams can effectively and efficiently thwart threats, understand unfolding attacks and piece together possible data leaks is through ruthless prioritization. You heard it right. It's about doing fewer things well and getting deeper into them. Without a thorough understanding, the chances of success are minimal, if any.

How do you know what's important?

As a cybersecurity leader, you're constantly looking at emerging threats, possible evidence of compromise or attack and a growing number of vulnerabilities. You have alerts and notifications popping up at you from multiple systems. You're tired, fatigued and mostly in nonstop firefighting mode.

The alerts and notifications get you as far as a summarized view of some isolated data or evidence of possible anomalous activity. That leads to more investigation and a ton of manual stitching together of information from the different systems and datasets that make up your stack. You have neither the all-encompassing skills and talent on your team to piece everything together, nor the time, tools or energy to do it with confidence every day.

That means you're left skimming the surface, aware of many possibilities that range from very dangerous to false positives. You're unable to differentiate or categorize them with confidence because uncovering the underlying story and piecing it together is complex, time-consuming and borders on impossible.

Does automation help?

Hiring an army of well-trained cybersecurity analysts is neither feasible nor practical. There's a talent shortage, and it's very expensive to attract the small group of talented cybersecurity professionals whom everyone wants to hire. This means you can't simply throw people at the problem, and even if you could, it might still not solve the underlying issue.

What, then, could one do? Automation seems to be the name of the game. Workflows are run using rule and machine learning-driven software, and playbooks are automated in an attempt to tame the complexity. This leads to two outcomes:

1. Many mundane activities are automated.

2. More work is created.

The first outcome is rewarding because no human enjoys doing mundane and repetitive mindless jobs. The second one seems concerning. Why does automation create more work?

Automation can solve the problem of increasing throughput, so it can surely work through a larger number of cases than a human can. It can also perform simple steps like filtering and sorting, thereby allowing for the cataloging of alerts, notifications and indications of threats. It can be configured to take some repetitive actions, thereby sparing humans from making every small configuration change themselves. Certainly, it allows for smoother management of cases and issues, as it offers the possibility of integration with familiar tools and processes. However, it doesn't help with perhaps the most important problem: making sense of the situation and reasoning through it to draw inferences and conclusions.

What's an autonomous cybersecurity analyst?

This is where machine learning and artificial intelligence-driven expert systems can come into play. These are cybersecurity analyst systems that can reason like a human and successfully complete tasks of making inferences, understanding root causes and deciding on courses of action.

The presence of such a system lends itself to the clear identification of the value-added tasks that a human can then focus on. Such systems also complete the tasks of stitching stories together out of underlying evidence and data and lead to enough groundwork so the parts that need human judgment can then be managed effectively and efficiently.

If everything is important, nothing is important.

It all goes back to the commonly understood but often forgotten maxim that if you prioritize everything, then effectively, you prioritize nothing. If your list of the most important tasks is long and ever-increasing, then realistically, you're implying that nothing on that list is important, because hardly any of those tasks will ever get done. Making sure you ruthlessly prioritize your cybersecurity tasks with the help of advanced automation can help alleviate your team's stress and prevent burnout, which leads to a more effective and efficient company cybersecurity posture.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

